<?php ob_start();
require_once("../../Connections/connect_admin.php");
if($_POST['task']=='insert')
{
$username=$_POST["username"];
$password=md5($_POST["password"]);
$fullname=$_POST["fullname"];
$email=$_POST["email"];
$mobile=$_POST["mobile"];
$phone=$_POST["phone"];
	if($_POST["active"]=='active')
		$active=1;
	else
		$active=0;
	$query="INSERT INTO `user`(UserName,`Password`,FullName,PhoneNumber,MobileNumber,Email,IsActive) VALUES('$username','$password','$fullname','$phone','$mobile','$email',$active)";
	//$result=mysql_query($query) or die("Query failed");
	if(mysql_query($query))
	{
		header('location:../Account.php?e=0');
		
	}
	else
	{
		header('location:../Account.php?e=1');
		
	}
}
else if($_POST['task']=='update') //update
{
	$username=$_POST["username"];
	$fullname=$_POST["fullname"];
	$email=$_POST["email"];
	$mobile=$_POST["mobile"];
	$phone=$_POST["phone"];
	if($_POST["active"]=='active')
		$active=1;
	else
		$active=0;
	if($_POST["password"]=='' || is_null($_POST["password"]))
	{
		$query="UPDATE `user` SET FullName = '$fullname',PhoneNumber = '$phone',MobileNumber = '$mobile',Email = '$email',IsActive = $active WHERE UserName ='".$username."'";
	}
	else
	{
		$password=md5($_POST["password"]);
		$query="UPDATE `user` SET Password='$password',FullName = '$fullname',PhoneNumber = '$phone',MobileNumber = '$mobile',Email = '$email',IsActive = $active WHERE UserName ='".$username."'";
	}
	//thực thi
	if(mysql_query($query))
	{
		header('location:../Account.php?e=2');
		
	}
	else
	{
		header('location:../Account.php?e=3');
		
	}
}
else if($_POST['task']=='changepass')//Change password
{
	$username=$_POST["username"];
	$oldpass=md5($_POST["oldpass"]);
	$newpass=md5($_POST["newpass"]);
	$query="select * from user where UserName='$username' and Password='$oldpass'";
	$result=mysql_query($query);
	$response=array();
	if(mysql_num_rows($result)>0)
	{
		$query="UPDATE `user` SET Password='$newpass' WHERE UserName ='".$username."'";
		mysql_query($query);
		 $response = array(
        'ok' => true, 
        'msg' => "Cập nhật mật khẩu mới thành công!!!");
	}
	else
	{
		 $response = array(
        'ok' => false, 
        'msg' => "Mật khẩu không chính xác!!!");	
	}
	echo json_encode($response);
}
else if($_POST['task']=='delete')//delete
{
	$username=$_POST["username"];
	$deleteduser=$_POST["deleteduser"];
	//$query="DELETE FROM `user` WHERE UserName='$username'";
	$query="UPDATE `user` SET IsDeleted = 1,DeletedDate = NOW(),DeletedUser = '$deleteduser' WHERE UserName ='".$username."'";
	$result=mysql_query($query);
	$response=array();
	
		 $response = array(
        'ok' => true, 
        'msg' => "Xóa người dùng $username thành công");		
	
	echo json_encode($response);
	
}
else if($_POST["task"]=='updateUser')
{
	$username=$_POST["username"];
	$fullname=$_POST["fullname"];
	$email=$_POST["email"];
	$mobile=$_POST["mobile"];
	$phone=$_POST["phone"];
	$desc=$_POST["description"];
	$birthdate=$_POST["birthdate"];
	$address=$_POST["address"];
	if($_POST["sex"]=="male")
	{
		$sex=1;
	}
	else
	{
		$sex=0;
	}
	$date=explode('/',$birthdate);
	$strdate=$date[2].'-'.$date[1].'-'.$date[0];
	$query="UPDATE `user` SET FullName = '$fullname',Description = '$desc',BirthDay ='$strdate' ,Address = '$address',PhoneNumber = '$phone',MobileNumber = '$mobile',Email = '$email',Sex = $sex WHERE UserName='$username'";
	if(mysql_query($query))
	{
		header('location:../MyProfile.php?e=0');
		
	}
	else
	{
		header('location:../MyProfile.php?e=1');
		
	}
			
}
else if($_POST['task']='searchgroup')
{
	$groupid=intval($_POST['groupid']);
	$keyword=$_POST['keyword'];
	$query="SELECT u.UserName,u.FullName FROM `user` u WHERE u.IsDeleted=0 AND (u.UserName LIKE '%$keyword%' OR u.FullName LIKE '%$keyword%') AND u.UserName NOT IN (SELECT u.UserName FROM `user` u INNER JOIN grouprole_user gu ON gu.UserName = u.UserName WHERE gu.GroupRoleID = $groupid) ";
	$result=mysql_query($query);
	$users=array();
	$i=0;
	while($row=mysql_fetch_assoc($result))
	{
		$users[$i]=array('username'=>$row['UserName'],'fullname'=>$row['FullName']);
		$i++;		
	}
	echo json_encode($users);
}
?>